If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Online Customer Service

Ok, so I forgot my Google reader password a few minutes ago, so I decided to reset it. Easy, right? Well, I don't use Google for anything other than docs, code, and reader. So I'm not too worried about having an incredibly secure password. Sure, it's stronger than 12345 or my birthday, but it didn't exactly take me more than a few seconds to come up with it. So I type it in and hit enter, and then you know what Google does? Google has the audacity to tell me that my password is too weak. Who are they to tell me what I can and cannot have as my password? If I want to have an "easy to guess" password, then that's my prerogative. Seriously, it is none of Google's business what I have as my password.

Even earlier than this incident, I decided to look into order some tea online, and of course I have to create an account to order tea. Because it makes sense for a business to demand that I check my email inbox for their activation code so that they can make sure they can so graciously take my money. I couldn't even see what credit cards they accepted without creating an account or calling them.

I realize that the simple answer is to "stop being lazy" and just add a few numbers to the end of my password, or just autofill my information so I can see if the shop can take my credit card, but the point is that I am the customer and I should be able to utilize the product that I am paying for (I realize that I'm not directly paying Google, but they still need consumers to use their products if they want to make money). If I go to my local grocery store they don't tell me that I have to give them my name, address, and phone number, then tell me to go check my mailbox to verify that I am who I say I am before they accept my money. Online services are no different. If you want to prevent spammers, throw a recaptcha at the very tail end of the checkout.

Think about it. Google handles many millions of accounts. They hate spending any amount of resources on customer support. The stronger your password, the less likely it is to be hacked, the less likely you are to need support and, god forbid, human intervention. Decision-making at Google is done with algorithms. That's not a joke. In this case, there's an obvious correlation between password strength and account security.

The second example is clearly bullshit, though. Online retailers should be focusing on making the customer experience as easy as possible, and so many do a piss-poor job of that.

I understand Google's position, and I recognized that I was creating a potential security risk when the big PASSWORD STRENGTH bar said "weak", but I was shocked when it refused to let me choose my own password. That's simply unacceptable to me. Other website that I've been to have a similar password strength bar, but they just warn me, not force me to create a password that fulfills their demands.

Think about it. Google handles many millions of accounts. They hate spending any amount of resources on customer support. The stronger your password, the less likely it is to be hacked, the less likely you are to need support and, god forbid, human intervention. Decision-making at Google is done with algorithms. That's not a joke. In this case, there's an obvious correlation between password strength and account security.

It's not just end-user support of the account they have to deal with, but also misuse of resources due to hacked accounts (e.g. spammers using hacked gmail accounts) and the associated security risks involved.

As an aside, captchas are basically useless in stopping dedicated spammers (they are however useful in other ways, e.g. stopping/slowing down brute-force password attacks).